Skip to content

Commit

Permalink
Define COEP:cors-or-credentialless
Browse files Browse the repository at this point in the history 
Specify the behavior of `Cross-Origin-Embedder-Policy: cors-or-credentialless`,
Originally described in:
https://github.com/mikewest/credentiallessness

For the HTML spec:
- `COEP:cors-or-credentialless`
- `COEP:require-corp`
have equivalent behavior..

Those value are said to be `compatible with crossOriginIsolation`. This patch
rewrite the specification to use this concept.

This patch is accompagned with a fetch specification patch:
XXX

COEP:cors-or-credentialless causes cross-origin no-cors request to omit
credentials. In exchange, Cross-Origin-Resource-Policy in response isn't
required.
  • Loading branch information
@ArthurSonzogni
ArthurSonzogni committed Apr 30, 2021
1 parent 496413f commit 25abb6e
Showing 1 changed file with 120 additions and 52 deletions.
172 changes: 120 additions & 52 deletions source
View file
Original file line number Diff line number Diff line change
Expand Up @@ -78591,9 +78591,9 @@ console.assert(iframeWindow.frameElement === null);
data-x="http-cross-origin-opener-policy">Cross-Origin-Opener-Policy</span>: <span
data-x="coop-same-origin">same-origin</span></code>`, and</p></li>

<li><p>every <span>Document</span> has `<code
data-x=""><span>Cross-Origin-Embedder-Policy</span>: <span
data-x="coep-require-corp">require-corp</span></code>`.</p></li>
<li><p>every <span>Document</span> has a `<code data-x="embedder policy value">
Cross-Origin-Embedder-Policy</code>value <span>compatible with crossOriginIsolation</span>.
</p></li>
</ul>

<p>On some platforms, it is difficult to provide the security properties required to grant safe
Expand Down Expand Up @@ -81508,8 +81508,9 @@ interface <dfn>BarProp</dfn> {
data-x="http-cross-origin-opener-policy">Cross-Origin-Opener-Policy</code>` header, but results
from a combination of setting both `<code data-x=""><span
data-x="http-cross-origin-opener-policy">Cross-Origin-Opener-Policy</span>: <span
data-x="coop-same-origin">same-origin</span></code>` and `<code
data-x=""><span>Cross-Origin-Embedder-Policy</span>: require-corp</code>` together.</p>
data-x="coop-same-origin">same-origin</span></code>` and a
`<code data-x="embedder policy value"> Cross-Origin-Embedder-Policy</code>` value
<span>compatible with crossOriginIsolation</span> together.<p>
</dd>
</dl>

Expand Down Expand Up @@ -81598,10 +81599,10 @@ interface <dfn>BarProp</dfn> {
policy">obtaining a cross-origin embedder policy</span> from <var>response</var> and
<var>reservedEnvironment</var>.</p></li>

<li><p>If <var>coep</var>'s <span data-x="embedder-policy-value">value</span> is "<code
data-x="coep-require-corp">require-corp</code>", then set <var>policy</var>'s <span
data-x="coop-struct-value">value</span> to "<code
data-x="coop-same-origin-plus-COEP">same-origin-plus-COEP</code>".</p></li>
<li><p>If <var>coep</var>'s <span data-x="embedder-policy-value">value</span> is
<span>compatible with crossOriginIsolation</span>, then set <var>policy</var>'s <span
data-x="coop-struct-value">value</span> to "<code data-x="coop-same-origin-plus-COEP">
same-origin-plus-COEP</code>".</p></li>

<li><p>Otherwise, set <var>policy</var>'s <span
data-x="coop-struct-value">value</span> to "<code
Expand Down Expand Up @@ -81640,10 +81641,10 @@ interface <dfn>BarProp</dfn> {
<var>reservedEnvironment</var>.</p></li>

<li>
<p>If <var>coep</var>'s <span data-x="embedder-policy-value">value</span> is "<code
data-x="coep-require-corp">require-corp</code>" or <var>coep</var>'s <span
data-x="embedder-policy-report-only-value">report-only value</span> is "<code
data-x="coep-require-corp">require-corp</code>", then set <var>policy</var>'s <span
<p>If <var>coep</var>'s <span data-x="embedder-policy-value">value</span> is
<span>compatible with crossOriginIsolation</span> or <var>coep</var>'s <span
data-x="embedder-policy-report-only-value">report-only value</span> is
<span>compatible with crossOriginIsolation</span>, then set <var>policy</var>'s <span
data-x="coop-struct-report-only-value">report-only value</span> to "<code
data-x="coop-same-origin-plus-COEP">same-origin-plus-COEP</code>".</p>

Expand Down Expand Up @@ -82655,7 +82656,7 @@ interface <dfn>BarProp</dfn> {
<h3 id="coep">Cross-origin embedder policies</h3>

<p>An <dfn export>embedder policy value</dfn> controls the fetching of cross-origin resources
without explicit permission from resource owners. There are two such values:</p>
without explicit permission from resource owners. There are three such values:</p>

<dl>
<dt>"<dfn data-x="coep-unsafe-none" export for="embedder policy value"><code
Expand All @@ -82664,6 +82665,12 @@ interface <dfn>BarProp</dfn> {
without giving explicit permission through the <span>CORS protocol</span> or the
`<code>Cross-Origin-Resource-Policy</code>` header.</p></dd>

<dt>"<dfn data-x="coep-cors-or-credentialless" export for="embedder policy value"><code
data-x="">cors-or-credentialless</code></dfn>"</dt>
<dd><p>When this value is used, fetching cross-origin no-CORS resources omits credentials. In
exchange, an explicit `<code>Cross-Origin-Resource-Policy</code>` on response is not required.
</p></dd>

<dt>"<dfn data-x="coep-require-corp" export for="embedder policy value"><code
data-x="">require-corp</code></dfn>"</dt>
<dd><p>When this value is used, fetching cross-origin resources requires the server's
Expand Down Expand Up @@ -82774,18 +82781,31 @@ interface <dfn>BarProp</dfn> {
with `<code>Cross-Origin-Embedder-Policy</code>` and "<code data-x="">item</code>" from
<var>response</var>'s <span data-x="concept-response-header-list">header list</span>.</p></li>

<li>
<p>If <var>parsedItem</var> is non-null and <var>parsedItem</var>[0] is "<code
data-x="">require-corp</code>":</p>

<li><p>If <var>parsedItem</var> is non-null</p>
<ol>
<li><p>Set <var>policy</var>'s <span data-x="embedder-policy-value">value</span> to "<code
data-x="coep-require-corp">require-corp</code>".</p></li>.
<!--cors-or-credentialless-->
<li><p>If <var>parsedItem</var>[0] is "<code data-x="">cors-or-credentialless</code>":</p>
<ol>
<li><p>Set <var>policy</var>'s <span data-x="embedder-policy-value">value</span> to "<code
data-x="coep-cors-or-credentialless">cors-or-credentialless</code>".</p></li>.

<li><p>If <var>parsedItem</var>[1]["<code data-x="coep-report-to">report-to</code>"] <span
data-x="map exists">exists</span>, then set <var>policy</var>'s <span
data-x="embedder-policy-reporting-endpoint">endpoint</span> to <var>parsedItem</var>[1]["<code
data-x="coep-report-to">report-to</code>"].</p></li>
<li><p>If <var>parsedItem</var>[1]["<code data-x="coep-report-to">report-to</code>"] <span
data-x="map exists">exists</span>, then set <var>policy</var>'s <span
data-x="embedder-policy-reporting-endpoint">endpoint</span> to <var>parsedItem</var>
[1]["<code data-x="coep-report-to">report-to</code>"].</p></li>
</ol>

<!--require-corp-->
<li><p>If <var>parsedItem</var>[0] is "<code data-x="">require-corp</code>":</p>
<ol>
<li><p>Set <var>policy</var>'s <span data-x="embedder-policy-value">value</span> to "<code
data-x="coep-require-corp">require-corp</code>".</p></li>.

<li><p>If <var>parsedItem</var>[1]["<code data-x="coep-report-to">report-to</code>"] <span
data-x="map exists">exists</span>, then set <var>policy</var>'s <span
data-x="embedder-policy-reporting-endpoint">endpoint</span> to <var>parsedItem</var>
[1]["<code data-x="coep-report-to">report-to</code>"].</p></li>
</ol>
</ol>
</li>

Expand All @@ -82809,9 +82829,59 @@ interface <dfn>BarProp</dfn> {
</ol>
</li>

<li><p>If <var>parsedItem</var> is non-null</p>
<ol>
<!--cors-or-credentialless-->
<li><p>If <var>parsedItem</var>[0] is "<code data-x="">cors-or-credentialless</code>":</p>
<ol>
<li><p>Set <var>policy</var>'s <span
data-x="embedder-policy-report-only-value">report-only value </span> to "<code
data-x="coep-cors-or-credentialless">cors-or-credentialless</code>".</p></li>.

<li><p>If <var>parsedItem</var>[1]["<code data-x="coep-report-to">report-to</code>"] <span
data-x="map exists">exists</span>, then set <var>policy</var>'s <span
data-x="embedder-policy-report-only-reporting-endpoint">report-only reporting endpoint
</span> to <var>parsedItem </var> [1]["<code data-x="coep-report-to">report-to</code>"].</p>
</li>
</ol>

<!--require-corp-->
<li><p>If <var>parsedItem</var>[0] is "<code data-x="">require-corp</code>":</p>
<ol>
<li><p>Set <var>policy</var>'s <span data-x="embedder-policy-report-only-value">value
</span> to "<code data-x="coep-require-corp">require-corp</code>".</p></li>.

<li><p>If <var>parsedItem</var>[1]["<code data-x="coep-report-to">report-to</code>"] <span
data-x="map exists">exists</span>, then set <var>policy</var>'s <span
data-x="embedder-policy-report-only-reporting-endpoint">report-only reporting endpoint
</span> to <var>parsedItem</var> [1]["<code data-x="coep-report-to">report-to</code>"].</p>
</li>
</ol>
</ol>
</li>

<li><p>Return <var>policy</var>.</p></li>
</ol>

<h4>Compatible with crossOriginIsolated</h4>

<p>A <span data-x="embedder policy value">Cross-Origin-Embedder-Policy value</span> is
<dfn>compatible with crossOriginIsolation</dfn> following this table</p>

<table class="data">
<thead>
<tr>
<th><span data-x="embedder policy value">Value</span></th>
<th><span>Compatible with crossOriginIsolation</span></th>
</tr>
</thead>
<tbody>
<tr><td><code data-x="coep-unsafe-none">unsafe-none</code></td> <td>false</td></tr>
<tr><td><code data-x="coep-cors-or-credentialless">cors-or-credentialless</code></td><td>true
</td> </tr>
<tr><td><code data-x="coep-require-corp">require-corp</code></td> <td>true</td></tr>
</table>

<h4>Embedder policy checks</h4>

<p>To <dfn>check a navigation response's adherence to its embedder policy</dfn> given a <span
Expand All @@ -82831,19 +82901,18 @@ interface <dfn>BarProp</dfn> {
data-x="concept-document-embedder-policy">embedder policy</span>.</p></li>

<li><p>If <var>parentPolicy</var>'s <span data-x="embedder-policy-report-only-value">report-only
value</span> is "<code data-x="coep-require-corp">require-corp</code>" and
<var>responsePolicy</var>'s <span data-x="embedder-policy-value">value</span> is "<code
data-x="coep-unsafe-none">unsafe-none</code>", then <span>queue a cross-origin embedder policy
inheritance violation</span> with <var>response</var>, "<code data-x="">navigation</code>",
<var>parentPolicy</var>'s <span data-x="embedder-policy-report-only-reporting-endpoint">report
only reporting endpoint</span>, "<code data-x="">reporting</code>", and <var>target</var>'s <span
value</span> is <span>compatible with crossOriginIsolation</span> and
<var>responsePolicy</var>'s <span data-x="embedder-policy-value">value</span> is not, then
<span>queue a cross-origin embedder policy inheritance violation</span> with <var>response</var>,
"<code data-x="">navigation</code>", <var>parentPolicy</var>'s <span
data-x="embedder-policy-report-only-reporting-endpoint">report only reporting endpoint</span>,
"<code data-x="">reporting</code>", and <var>target</var>'s <span
data-x="bc-container-document">container document</span>'s <span>relevant settings
object</span>.</p></li>

<li><p>If <var>parentPolicy</var>'s <span data-x="embedder-policy-value">value</span> is "<code
data-x="coep-unsafe-none">unsafe-none</code>" or <var>responsePolicy</var>'s <span
data-x="embedder-policy-value">value</span> is "<code
data-x="coep-require-corp">require-corp</code>", then return true.</p></li>
<li><p>If <var>parentPolicy</var>'s <span data-x="embedder-policy-value">value</span> is not
<span>compatible with crossOriginIsolation</span> or <var>responsePolicy</var>'s is
<span>compatible with crossOriginIsolation</span>, then return true.</p></li>

<li><p><span>Queue a cross-origin embedder policy inheritance violation</span> with
<var>response</var>, "<code data-x="">navigation</code>", <var>parentPolicy</var>'s <span
Expand All @@ -82870,18 +82939,17 @@ interface <dfn>BarProp</dfn> {
data-x="concept-settings-object-embedder-policy">embedder policy</span>.

<li><p>If <var>ownerPolicy</var>'s <span data-x="embedder-policy-report-only-value">report-only
value</span> is "<code data-x="coep-require-corp">require-corp</code>" and <var>policy</var>'s
<span data-x="embedder-policy-value">value</span> is "<code
data-x="coep-unsafe-none">unsafe-none</code>", then <span>queue a cross-origin embedder policy
inheritance violation</span> with <var>response</var>, "<code data-x="">worker
value</span> is <span>compatible with crossOriginIsolation</span> and <var>policy</var>'s
<span data-x="embedder-policy-value">value</span> is not, then <span>queue a cross-origin
embedder policy inheritance violation</span> with <var>response</var>, "<code data-x="">worker
initialization</code>", <var>owner's policy</var>'s <span
data-x="embedder-policy-report-only-reporting-endpoint">report only reporting endpoint</span>,
"<code data-x="">reporting</code>", and <var>owner</var>.</p></li>
"<code data-x="">reporting</code>", and
<var>owner</var>.</p></li>

<li><p>If <var>ownerPolicy</var>'s <span data-x="embedder-policy-value">value</span> is "<code
data-x="coep-unsafe-none">unsafe-none</code>" or <var>policy</var>'s <span
data-x="embedder-policy-value">value</span> is "<code
data-x="coep-require-corp">require-corp</code>", then return true.</p></li>
<li><p>If <var>ownerPolicy</var>'s not <span>compatible with crossOriginIsolation</span>
or <var>policy</var>'s <span data-x="embedder-policy-value">value</span> is <span>compatible with
crossOriginisolation</span>, then return true.</p></li>

<li><p><span>Queue a cross-origin embedder policy inheritance violation</span> with
<var>response</var>, "<code data-x="">worker initialization</code>", <var>owner's policy</var>'s
Expand Down Expand Up @@ -85230,9 +85298,9 @@ interface <dfn>Location</dfn> { // but see also <a href="#the-location-interface

<li>
<p>If <var>sandboxFlags</var> is not empty and <var>responseCOOP</var>'s <span
data-x="coop-struct-value">value</span> is not "<code
data-x="coop-unsafe-none">unsafe-none</code>", then set <var>response</var> to an
appropriate <span>network error</span> and <span>break</span>.</p>
data-x="coop-struct-value">value</span> is <span>compatible with
crossOriginIsolation</span>, then set <var>response</var> to an appropriate <span>network
error</span> and <span>break</span>.</p>

<p class="note">This results in a network error as one cannot simultaneously provide a
clean slate to a response using cross-origin opener policy and sandbox the result of
Expand Down Expand Up @@ -99731,12 +99799,11 @@ interface <dfn>SharedWorkerGlobalScope</dfn> : <span>WorkerGlobalScope</span> {

<li>
<p>If <var>worker global scope</var>'s <span
data-x="concept-WorkerGlobalScope-embedder-policy">embedder policy</span> is "<code
data-x="coep-require-corp">require-corp</code>" and <var>is shared</var> is true, then set
<var>agent</var>'s <span>agent cluster</span>'s <span
data-x="agent-cluster-cross-origin-isolation">cross-origin isolation mode</span> to "<code
data-x="cross-origin-isolation-logical">logical</code>" or "<code
data-x="cross-origin-isolation-concrete">concrete</code>". The one chosen is
data-x="concept-WorkerGlobalScope-embedder-policy">embedder policy</span> is <span>compatible
with crossOriginIsolation</span> and <var>is shared</var> is true, then set <var>agent</var>'s
<span>agent cluster</span>'s <span data-x="agent-cluster-cross-origin-isolation">cross-origin
isolation mode</span> to "<code data-x="cross-origin-isolation-logical">logical</code>" or
"<code data-x="cross-origin-isolation-concrete">concrete</code>". The one chosen is
<span>implementation-defined</span>.</p>

<p class="XXX">This really ought to be set when the agent cluster is created, which requires a
Expand Down Expand Up @@ -123734,6 +123801,7 @@ INSERT INTERFACES HERE
Arne Thomassen,
Aron Spohr,
Arphen Lin,
Arthur Sonzogni,
Arthur Stolyar,
Arun Patole,
Aryeh Gregor,
Expand Down

0 comments on commit 25abb6e

Please sign in to comment.